Customers of UK net provider Plusnet have been told to change the password for their account following a break-in earlier this month where malicious hackers gained control of a Plusnet's mail server and stole a list of e-mail addresses. Spammers used the list to send junk mail to customers and some may have been hit with a trojan. Plusnet shut down its webmail system while it tried to remedy the problem, attributed the attack to a "malicious third party" and said it was not sure how many e-mail addresses the hackers had stolen. The attack was carried out via Plusnet's webmail service that lets customers get their messages via the net provider's website. The list of addresses was for accounts customers used to get at the webmail system plus e-mail addresses in the online contacts lists and the addresses used to send e-mail from online accounts.
In a statement, Neil Armstrong, products director at Plusnet, said: "After a full security audit, Plusnet's webmail service was taken offline permanently at midday Wednesday, 16 May, as a precaution against a number of minor potential security vulnerabilities that had not been exploited." In a separate note to customers, Plusnet said it was "impossible" to close these unexploited loopholes. Mr Armstrong said a replacement webmail service had now been set up for customers to get at their online accounts.
News source: BBC News